<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_auth_db</TITLE>
</HEAD>

<BODY>
<!--#include virtual="header.html" -->
<H1>Module mod_auth_db</h1>

This module is contained in the <code>mod_auth_db.c</code> file, and
is not compiled in by default. It provides for user authentication using
Berkeley DB files. It is an alternative to <A HREF="mod_auth_dbm.html">DBM</A>
files for those systems which support DB and not DBM. It is only
available in Apache 1.1 and later.


<menu>
<li><A HREF="#authdbgroupfile">AuthDBGroupFile</A>
<li><A HREF="#authdbuserfile">AuthDBUserFile</A>
</menu>
<hr>


<A name="authdbgroupfile"><h2>AuthDBGroupFile</h2></A>
<!--%plaintext &lt;?INDEX {\tt AuthDBGroupFile} directive&gt; -->
<strong>Syntax:</strong> AuthDBGroupFile <em>filename</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_db<p>

The AuthDBGroupFile directive sets the name of a DB file containing the list
of user groups for user authentication. <em>Filename</em> is the absolute path
to the group file.<p>

The group file is keyed on the username. The value for a user is a
comma-separated list of the groups to which the users belongs. There must
be no whitespace within the value, and it must never contain any colons.<p>

Security: make sure that the AuthDBGroupFile is stored outside the
document tree of the web-server; do <em>not</em> put it in the directory that
it protects. Otherwise, clients will be able to download the
AuthDBGroupFile unless otherwise protected.<p>

Combining Group and Password DB files: In some cases it is easier to
manage a single database which contains both the password and group
details for each user. This simplifies any support programs that need
to be written: they now only have to deal with writing to and locking
a single DBM file. This can be accomplished by first setting the group
and password files to point to the same DB file:<p>

<blockquote><code>
AuthDBGroupFile /www/userbase<br>
AuthDBUserFile /www/userbase
</code></blockquote>

The key for the single DB record is the username. The value consists of <p>

<blockquote><code>
Unix Crypt-ed Password : List of Groups [ : (ignored) ]
</code></blockquote>

The password section contains the Unix crypt() password as before. This is
followed by a colon and the comma separated list of groups. Other data may
optionally be left in the DB file after another colon; it is ignored by the
authentication module. <p>

See also <A HREF="core.html#authname">AuthName</A>,
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbuserfile">AuthDBUserFile</A>.<p><hr>

<A name="authdbuserfile"><h2>AuthDBUserFile</h2></A>
<!--%plaintext &lt;?INDEX {\tt AuthDBUserFile} directive&gt; -->
<strong>Syntax:</strong> AuthDBUserFile <em>filename</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_db<p>

The AuthDBUserFile directive sets the name of a DB file containing the list
of users and passwords for user authentication. <em>Filename</em> is the
absolute path to the user file.<p>

The user file is keyed on the username. The value for a user is the
crypt() encrypted password, optionally followed by a colon and
arbitrary data.  The colon and the data following it will be ignored
by the server.<p>

Security: make sure that the AuthDBUserFile is stored outside the
document tree of the web-server; do <em>not</em> put it in the directory that
it protects. Otherwise, clients will be able to download the
AuthDBUserFile.<p>

Important compatibility note: The implementation of "dbmopen" in the
apache modules reads the string length of the hashed values from the
DB data structures, rather than relying upon the string being
NULL-appended. Some applications, such as the Netscape web server,
rely upon the string being NULL-appended, so if you are having trouble
using DB files interchangeably between applications this may be a
part of the problem. <p>

See also <A HREF="core.html#authname">AuthName</A>,
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<p>

<!--#include virtual="footer.html" -->
</BODY>
</HTML>

